The Hacker News | #1 Trusted Source for Cybersecurity News — Index Page

78% of vulnerabilities are found in third-party programs. Security teams cannot monitor all of them manually or determine which ones are critical to their organization. Secunia, the leading provider of IT security solutions that enables businesses and private individuals to manage and control vulnerability threats, today announced the general availability of the new version of Secunia's Vulnerability Intelligence Manager, the VIM 4.0. The Secunia VIM 4.0 is the latest evolutionary step in the technology Secunia has developed to help organizations handle vulnerabilities and protect business critical information and assets against potential attacks. Because it covers more than 40,000 software systems and applications, the VIM 4.0 solution provides the most comprehensive intelligence about software vulnerabilities available to organizations, ensuring that all security threats can be dealt with before the IT infrastructure is compromised by cybercriminals . "  We're v...

Recently we reported about that  Symantec provide overview and analysis of the year in global threat activity via its Internet Security Threat Report (ISTR) , with a exclusive details that 400 million new variants of malware were created in 2011, which is an average of 33 million new variants of malware a month, or an average of one million new variants a day. In order to develop malware that evades detection by the security companies malware writers come up with some clever, yet quite simple techniques. If malware stops itself when it detects that it is running in a virtual environment, it may trick an automated threat analysis system into thinking that it is a clean program. So malware may not only fool automated threat analysis systems, but also a corporate system administrator who is searching for computers compromised by malware. Malware authors have recently attempted to use other approaches to fool automated threat analysis systems as well. Latest example of su...

Matthew Higgins, now 20 and a university student, hacked into his school computer system to obtain a girl's details and then boasted on a hackers' forum. Matthew is son of a police inspector. Caernarfon Crown Court heard it was the case of a clever young man caught red-handed. The defendant says there is a conspiracy to fabricate evidence against him. Matthew first hacked the girl's file and then did a fake mail. In mail he claimed to be a constituent suggesting there was an insecure internet system at the school. " Mr Higgins denies securing unauthorised access to computer data at Eirias High School in March last year and attempting to do so again two months later ." BBC said. The prosecution accused Mr Higgins of having "played a game of bluff and smoke screens" and trying to portray himself as a victim. The trial is continuing.

FBI's Cyber Division has a new and sharper focus on cyber-intrusion ," You are one click from compromising your network " FBI said. Giving priority to the labeling of suspects follows claims by the Pentagon that the military now has the capability to single out and retaliate against hackers. FBI over the past year has put in place an initiative to uncover and investigate web-based intrusion attacks and develop a cadre of specially trained computer scientists able to extract hackers digital signatures from mountains of malicious code. " A key aim of the Next Generation Cyber Initiative has been to expand our ability to quickly define the attribution piece of a cyber attack to help determine an appropriate response ", said Richard McFeely , executive assistant director of the Bureau's Criminal, Cyber, Response, and Services Branch. Investigators can send findings to the FBI Cyber Division's Cyber Watch command, a 24-hour station at headquarters, where sp...

16.0.2 Firefox is now available for anyone who wants to try before anyone else. Mozilla address one serious vulnerability. According to the information security of Mozilla, they has fixed a number of issues related to the Location object in order to enhance overall security. The Location object is supported by all major browsers and contains information about the URL being requested. Security researcher Mariusz Mlynski reported that the true value of window.location could be shadowed by user content through the use of the valueOf method, which can be combined with some plugins to perform a cross-site scripting (XSS) attack on users. Another issue centers on the CheckURL function, which if exploited could be used during an XSS attack or to execute malicious code. On Oct. 9, Mozilla released Firefox 16, but quickly pulled it back after a serious vulnerability was discovered. It was quickly addressed, but not before exploit code was made available. Generally Firefox of...

Image Credit : Sophos Microsoft committed itself a Trustworthy Computing program, each new version of Windows has introduced new security features and significantly improved its security posture, whereas phisher took advantage of this new exclusive release. Sophos noticed a mail pretending to come from " Microsoft Windows 8 Team ", and offering a free version of Windows 8 to victim and if you click the link ..on next page a page hosted on Slovakian web server will ask you to enter your username, password, email address and server domain name. Global phishing attacks increased by 12 percent during the first half of this year compared with the second half of 2011, to 93,462 from 83,083.  Phishing attacks are most common and taking advange of hot cakes is also not new. We recommend readers to delete such mails and Do not click on such link which offer's free stuff like Windows or softwares. Attacks decreased, however, compared with the first half of 2011...

Collective hacking group Anonymous  leaks username-passwords  and classified documents from Greek Finance Ministry server. Just a few days before the Greek Parliament is scheduled to vote on a $17.45 billion spending cut and tax hike plan. Attack was carried out under anonymous operation named - #opGreece . The leaked documents include various classified data from e-mails that were exchanged between the Greek Ministry and envoys from international lenders negotiating more austerity measures and bailouts, to thousands of passwords of Greek individuals and evaluations of banks. " The cyber-attack was described as one of the most serious against Greek government networks " secnews.gr said in report .  The attackers claim that they wanted to expose the date on the state of Greek economy so that all Greeks know the truth and thus just days before the 13.5-billion-euro austerity package goes to Parliament for voting. " Citizens of Greece you are paying Ba...

Japanese police had arrested three people, accused them of making death threats via email and discussion forums. However, later Researchers at Symantec have determined that a piece of malware was making death and bomb threats online on behalf of its victims infected. Symantec  confirmed that the malware " Backdoor.Rabasheeta " is capable of controlling a compromised computer from a remote location and the creator has the capability to command the malware to make the threats like bomb and murders. The most curious thing about this particular dropper is that it comes with a graphical user interface (GUI). The dropper for Backdoor.Rabasheeta drops a main module and a configuration file. The dropper creates a registry entry so that the main module is executed whenever the compromised computer starts. This dropper also modifies CreationTime, LastWriteTime, and LastAccessTime of the main module with random values to help keep it hidden. Then the dropper will execute the...

Hacking Group Anonymous has threatened to target Zynga, according to a post on the group's official news channel and a since-deleted YouTube video (but it was removed because it was considered a "violation of YouTube's policy on depiction of harmful activities") which suggests that the social game company is planning further layoffs which threaten to bring about " the end of the US game market as we know it ". Zynga announced plans to lay off 150 employees last week and shut down a number of its offices, as it looks to make savings of between $15 and $20 million. The operation, dubbed maZYNGA, will consist of the shutting down of Facebook - the platform on which Zynga games are hosted - and the distribution of previously obtained Zynga game codes for free. " During the last few days anonymous has been targeting Zynga for the outrageous treatment of their employees and their actions against many developers. We have come to believe that this actions of Zynga will res...

A group has hacked the French website for the EuroMillions lottery (https://euromillions.fr/) with warnings denouncing gambling as the work of the devil. A group going by name " Moroccanghosts ", posted the message in Arabic and French  - " Oh you believers. Wine, games of chance, statues all augur impurity and are the work of the devil. " It exhorted people to quit gambling, saying it was used by the devil along with alcohol to " sow hatred between yourselves and turn you away from God and prayer ". The company behind the site, Francaise des Jeux, took the passage down and the site was unavailable from last 12 hours later, but now Euromillions.fr  redirects to https://www.fdj.fr , the secure website of the firm that runs the Euromillions lottery in France. The Twitter user Moroccanghosts appeared to threaten that other gambling sites could be next. So there may be more attacks. France has a population of 65 million, including an estimated four million Mu...